Cybersecurity researchers have identified a new Apple macOS backdoor named SpectralBlur that overlaps with a known malware family attributed to North Korean threat actors.
"SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the [command-and-control] server," security researcher Greg Lesnewich said.
The malware shares similarities with KANDYKORN (aka SockRacket), an advanced implant that functions as a remote access trojan capable of taking control of a compromised host.
It is worth noting that the KANDYKORN activity also intersects with another campaign orchestrated by the Lazarus sub-group known as BlueNoroff (aka TA444), which culminates in the deployment of a backdoor referred to as RustBucket and a late-stage payload dubbed ObjCShellz.
In recent months, the threat actor has been observed combining disparate pieces of these two infection chains, leveraging RustBucket droppers to deliver KANDYKORN.
The latest findings are another sign that North Korean threat actors are increasingly setting their sights on macOS to infiltrate high-value targets, particularly those within the cryptocurrency and blockchain industries.
"TA444 keeps running fast and furious with these new macOS malware families," Lesnewich said.
Security researcher Patrick Wardle, who shared additional insights into the inner workings of SpectralBlur, said the Mach-O binary was uploaded to the VirusTotal malware scanning service in August 2023 from Colombia.
The functional similarities between KANDYKORN and SpectralBlur have raised the possibility that they may have been created by different developers working from the same requirements.
What makes the malware stand out are its attempts to hinder analysis and evade detection while using grantpt (part of the POSIX pseudo-terminal API) to set up a pseudo-terminal and execute shell commands received from the C2 server.
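Because a pseudo-terminal is the mechanism the article singles out, one static triage check a defender can run is to look for the POSIX pty API cluster (posix_openpt, grantpt, unlockpt, ptsname) together with process-spawning and networking imports in the same binary. The following is an added example written for this page, not code from the article or from the researchers it quotes; it uses a `strings`-style extractor over a constructed byte blob with a fake Mach-O header, and the symbol lists and the three-cluster rule are its own assumptions.

```python
import re
from typing import Dict, List, Set

# Mach-O magic numbers as they appear on disk (first four bytes of the file).
MACHO_MAGICS = {
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal (FAT)",
}

# The POSIX pseudo-terminal API cluster; grantpt is the call the article names.
PTY_API: Set[str] = {"posix_openpt", "grantpt", "unlockpt", "ptsname", "openpty", "forkpty"}
# Process-spawning calls that, paired with a pty, indicate an interactive shell.
EXEC_API: Set[str] = {"execve", "execl", "execvp", "posix_spawn", "fork", "system"}
# Network calls that would make that shell reachable from a remote operator.
NET_API: Set[str] = {"socket", "connect", "send", "recv", "getaddrinfo"}


def extract_strings(blob: bytes, min_len: int = 4) -> List[str]:
    """Return printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def identify_format(blob: bytes) -> str:
    """Classify the file by its leading magic bytes."""
    return MACHO_MAGICS.get(blob[:4], "not a Mach-O file")


def triage_pty_usage(blob: bytes) -> Dict[str, object]:
    """Group symbol-like strings in blob into pty / exec / network clusters.

    A pseudo-terminal alone is benign (terminal emulators, sshd and sudo all
    use one); the signal is all three clusters present in one binary.
    """
    found: Set[str] = set()
    for s in extract_strings(blob):
        # Imported symbols carry a leading underscore in Mach-O string tables.
        found.add(s.lstrip("_"))
    pty = sorted(found & PTY_API)
    exe = sorted(found & EXEC_API)
    net = sorted(found & NET_API)
    return {
        "format": identify_format(blob),
        "pty": pty,
        "exec": exe,
        "net": net,
        "suspicious": bool(pty) and bool(exe) and bool(net),
    }


# Constructed samples (hypothetical, not real malware): a fake Mach-O 64-bit
# header, 28 bytes of padding, then a NUL-separated fake symbol string table.
SAMPLE_SUSPICIOUS = (
    b"\xcf\xfa\xed\xfe" + b"\x00" * 28
    + b"\x00".join([b"_posix_openpt", b"_grantpt", b"_unlockpt", b"_ptsname",
                    b"_execve", b"_socket", b"_connect", b"/bin/sh"])
    + b"\x00"
)
SAMPLE_BENIGN = (
    b"\xcf\xfa\xed\xfe" + b"\x00" * 28
    + b"\x00".join([b"_printf", b"_malloc", b"_socket", b"_connect"])
    + b"\x00"
)

if __name__ == "__main__":
    for name, blob in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, triage_pty_usage(blob))
```

On a real sample the same grouping can be fed from `nm -u` or `otool -L` output rather than raw strings; the point of the three-cluster rule is to avoid alerting on every legitimate terminal program that calls grantpt.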
The disclosure comes as a total of 21 new malware families designed to target macOS systems, including ransomware, information stealers, remote access trojans, and nation-state-backed malware, were discovered in 2023, up from 13 identified in 2022.
"With the continued growth and popularity of macOS (especially in the enterprise!), 2024 will surely bring a bevy of new macOS malware," Wardle said.